
Method and system for realizing security group blacklist based on openstack

A technology of security groups and blacklists, applied in transmission systems, electrical components, etc., to achieve the effect of increasing flexibility and robustness

Active Publication Date: 2021-06-04
SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

Currently OpenStack supports only a security group whitelist.


Embodiment Construction

[0043] The present invention will be further described below with reference to the accompanying drawings and specific examples.

[0044] OpenStack is a mainstream product in current IaaS cloud computing and has received widespread attention and acceptance in the industry, particularly as the OpenStack open-source community and commercial OpenStack-related products have developed, but some functions are not implemented, such as a security group blacklist. Compared with a whitelist, a security group blacklist can precisely intercept specified traffic and offers flexibility that a whitelist does not have. The existing Neutron project of the OpenStack cloud platform implements only the security group whitelist, and users cannot specify the security group policy.

[0045] Neutron is responsible for providing OpenStack's network functions and is highly extensible. The embodiment of the present invention implements a blacklist in the f...


Abstract

The invention discloses a method and a system for realizing a security group blacklist based on OpenStack, belonging to the technical field of cloud computing and computer networks. The security group blacklist is realized by extending Neutron's service-plugin and openvswitch-agent extension. The tap port bound to a virtual machine is marked in the raw table of iptables; according to the mark, traffic entering and leaving the virtual machine is directed into the security group blacklist chain in the mangle table of iptables and matched against the blacklist rules; unmatched traffic is passed on to the filter table of iptables, where matching continues according to Neutron's original security group rules. With the invention, OpenStack supports not only the creation of security group whitelists but also security group blacklists, so that a more flexible security group mechanism is realized.

Description

Technical field

[0001] The present invention relates to the field of cloud computing and computer network technology, and specifically to a method and system for implementing a security group blacklist based on OpenStack.

Background technique

[0002] In OpenStack, a virtual machine restricts its own communication by binding a security group. OpenStack's security groups are implemented with Linux iptables, which releases or rejects the virtual machine's traffic by issuing the corresponding iptables rules.

[0003] Security groups are divided into whitelists and blacklists. The default rule of a whitelist is to DROP all traffic, at the lowest priority, and traffic matching the higher-priority ACCEPT rules is released; the default rule of a blacklist is to release all traffic, at the lowest priority, and traffic matching the higher-priority DROP rules is rejected. Currently OpenStack supports only security group whitelists.

Inventive content

[00...
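The traversal order described in the abstract (mark in raw, blacklist chain in mangle, original whitelist rules in filter) and the default rules from the background section can be modelled as follows. This is an added illustration, not code from the patent or from Neutron; the `Rule` fields, the per-tap rule dictionaries, and the tap names and addresses are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, not Neutron's schema
    cidr: str                    # remote network the rule matches
    proto: str                   # "tcp", "udp" or "icmp"
    port: Optional[int] = None   # destination port, None means any

    def matches(self, pkt):
        return (ip_address(pkt["remote"]) in ip_network(self.cidr)
                and pkt["proto"] == self.proto
                and self.port in (None, pkt.get("port")))

def evaluate(pkt, marked_taps, blacklist, whitelist):
    """Return (verdict, table) for traffic entering or leaving a VM tap port."""
    # raw table: traffic on a tap port bound to the VM is marked.
    marked = pkt["tap"] in marked_taps
    # mangle table: marked traffic is matched against the blacklist chain.
    if marked:
        for rule in blacklist.get(pkt["tap"], []):
            if rule.matches(pkt):
                return ("DROP", "mangle")   # higher-priority DROP rule hit
        # blacklist default: unmatched traffic is released to the next table
    # filter table: the original security group (whitelist) rules.
    for rule in whitelist.get(pkt["tap"], []):
        if rule.matches(pkt):
            return ("ACCEPT", "filter")
    return ("DROP", "filter")               # whitelist default: drop

# Constructed sample data: tap names and addresses are made up.
MARKED = {"tap-aaaa"}
BLACKLIST = {"tap-aaaa": [Rule("203.0.113.0/24", "tcp", 22)]}
WHITELIST = {"tap-aaaa": [Rule("0.0.0.0/0", "tcp", 22)],
             "tap-bbbb": [Rule("0.0.0.0/0", "tcp", 22)]}

def demo():
    pkts = [
        {"tap": "tap-aaaa", "remote": "203.0.113.7", "proto": "tcp", "port": 22},
        {"tap": "tap-aaaa", "remote": "198.51.100.5", "proto": "tcp", "port": 22},
        {"tap": "tap-aaaa", "remote": "198.51.100.5", "proto": "tcp", "port": 80},
        {"tap": "tap-bbbb", "remote": "203.0.113.7", "proto": "tcp", "port": 22},
    ]
    return [evaluate(p, MARKED, BLACKLIST, WHITELIST) for p in pkts]
```

Because the mangle table is traversed before the filter table, the first packet is dropped even though the whitelist would accept it, while the same source reaches the unmarked port `tap-bbbb` under the whitelist alone.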


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/101, H04L63/20
Inventor 高雨张晖李彦君胡章丰李亚洁
Owner SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD